CSP - extract all other inline JavaScripts (#6528)
* wizard page inline js * print topic inline js * drop JS for preventing double submission this is the default behavior with Rails' UJS `disable_with` helper * omniauth complete redirect JS * account activate inline js
This commit is contained in:
parent
56e0f47bcd
commit
a6eca28ec6
|
@ -0,0 +1,24 @@
|
|||
(function() {
|
||||
setTimeout(function() {
|
||||
const $activateButton = $("#activate-account-button");
|
||||
$activateButton.on("click", function() {
|
||||
$activateButton.prop("disabled", true);
|
||||
const hpPath = document.getElementById("data-activate-account").dataset
|
||||
.path;
|
||||
$.ajax(hpPath)
|
||||
.then(function(hp) {
|
||||
$("#password_confirmation").val(hp.value);
|
||||
$("#challenge").val(
|
||||
hp.challenge
|
||||
.split("")
|
||||
.reverse()
|
||||
.join("")
|
||||
);
|
||||
$("#activate-account-form").submit();
|
||||
})
|
||||
.fail(function() {
|
||||
$activateButton.prop("disabled", false);
|
||||
});
|
||||
});
|
||||
}, 50);
|
||||
})();
|
|
@ -0,0 +1,6 @@
|
|||
(function() {
|
||||
const path = document.getElementById("data-auto-redirect").dataset.path;
|
||||
setTimeout(function() {
|
||||
window.location.href = path;
|
||||
}, 2000);
|
||||
})();
|
|
@ -0,0 +1,14 @@
|
|||
(function() {
|
||||
const { authResult, baseUrl } = document.getElementById(
|
||||
"data-auth-result"
|
||||
).dataset;
|
||||
const parsedAuthResult = JSON.parse(authResult);
|
||||
|
||||
if (!window.opener) {
|
||||
localStorage.setItem("lastAuthResult", authResult);
|
||||
window.location.href = `${baseUrl}?authComplete=true`;
|
||||
} else {
|
||||
window.opener.Discourse.authenticationComplete(parsedAuthResult);
|
||||
window.close();
|
||||
}
|
||||
})();
|
|
@ -0,0 +1,3 @@
|
|||
document.addEventListener("DOMContentLoaded", function() {
|
||||
window.print();
|
||||
});
|
|
@ -0,0 +1,4 @@
|
|||
(function() {
|
||||
var wizard = require("wizard/wizard").default.create();
|
||||
wizard.start();
|
||||
})();
|
|
@ -110,10 +110,6 @@
|
|||
color: #0088cc !important;
|
||||
}
|
||||
</style>
|
||||
<script>
|
||||
document.addEventListener("DOMContentLoaded", function() {
|
||||
window.print();
|
||||
});
|
||||
</script>
|
||||
<%= preload_script('print-page') %>
|
||||
<% end %>
|
||||
<% end %>
|
||||
|
|
|
@ -28,20 +28,8 @@
|
|||
<%= hidden_field_tag 'push_url', @push_url %>
|
||||
<%= hidden_field_tag 'public_key', @public_key%>
|
||||
<%= hidden_field_tag 'scopes', @scopes%>
|
||||
<%= submit_tag t('user_api_key.authorize'), class: 'btn btn-danger', id: 'submit' %>
|
||||
<%= submit_tag t('user_api_key.authorize'), class: 'btn btn-danger' %>
|
||||
<% end %>
|
||||
<script>
|
||||
window.__submitted = false;
|
||||
|
||||
// prevent double submission which would invalidate the nonce
|
||||
document.getElementById('submit').addEventListener('click', function(e){
|
||||
if (window.__submitted) {
|
||||
e.preventDefault();
|
||||
} else {
|
||||
window.__submitted = true;
|
||||
}
|
||||
});
|
||||
</script>
|
||||
</div>
|
||||
<% end %>
|
||||
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
<script language="javascript">
|
||||
(function() {
|
||||
setTimeout(function() {
|
||||
window.location.href = '<%= path("/") %>';
|
||||
}, 2000);
|
||||
})();
|
||||
</script>
|
|
@ -13,22 +13,7 @@
|
|||
<%= preload_script "ember_jquery" %>
|
||||
<%= preload_script "vendor" %>
|
||||
<%= render_google_universal_analytics_code %>
|
||||
<%= tag.meta id: 'data-activate-account', data: { path: path('/u/hp') } %>
|
||||
<%- end %>
|
||||
|
||||
<script language="javascript">
|
||||
(function() {
|
||||
setTimeout(function() {
|
||||
var $activateButton = $('#activate-account-button');
|
||||
$activateButton.on('click', function() {
|
||||
$activateButton.prop('disabled', true);
|
||||
$.ajax("<%= path "/u/hp" %>").then(function(hp) {
|
||||
$('#password_confirmation').val(hp.value);
|
||||
$('#challenge').val(hp.challenge.split("").reverse().join(""));
|
||||
$('#activate-account-form').submit();
|
||||
}).fail(function() {
|
||||
$activateButton.prop('disabled', false);
|
||||
});
|
||||
});
|
||||
}, 50);
|
||||
})();
|
||||
</script>
|
||||
<%= preload_script "activate-account" %>
|
||||
|
|
|
@ -15,6 +15,11 @@
|
|||
border-bottom-color: #999;
|
||||
}
|
||||
</style>
|
||||
<%= tag.meta id: 'data-auth-result', data: {
|
||||
auth_result: @auth_result.to_client_hash,
|
||||
base_url: Discourse.base_url
|
||||
} %>
|
||||
<%= preload_script('omniauth-complete') %>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
|
@ -23,18 +28,6 @@
|
|||
<%=t "login.auth_complete" %>
|
||||
<a href="<%= Discourse.base_url.html_safe %>?authComplete=true"><%= t("login.click_to_continue") %></a>
|
||||
</p>
|
||||
|
||||
<script type="text/javascript">
|
||||
var authResult = <%=@auth_result.to_client_hash.to_json.html_safe%>;
|
||||
|
||||
if (!window.opener) {
|
||||
localStorage.setItem('lastAuthResult', JSON.stringify(authResult));
|
||||
window.location.href = '<%= Discourse.base_url.html_safe %>?authComplete=true';
|
||||
} else {
|
||||
window.opener.Discourse.authenticationComplete(authResult);
|
||||
window.close();
|
||||
}
|
||||
</script>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -13,7 +13,10 @@
|
|||
<% else %>
|
||||
<p><%= t('activation.please_continue') %></p>
|
||||
<p><a class="btn" href="<%= path "/" %>"><%= t('activation.continue_button', site_name: SiteSetting.title) -%></a></p>
|
||||
<%= render partial: 'auto_redirect_home' %>
|
||||
<%- content_for(:no_ember_head) do %>
|
||||
<%= tag.meta id: 'data-auto-redirect', data: { path: path('/') } %>
|
||||
<%- end %>
|
||||
<%= preload_script 'auto-redirect' %>
|
||||
<% end %>
|
||||
<%end%>
|
||||
</div>
|
||||
|
|
|
@ -17,12 +17,6 @@
|
|||
|
||||
<body class='wizard'>
|
||||
<div id='wizard-main'></div>
|
||||
|
||||
<script>
|
||||
(function() {
|
||||
var wizard = require('wizard/wizard').default.create();
|
||||
wizard.start();
|
||||
})();
|
||||
</script>
|
||||
<%= preload_script 'wizard-start' %>
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -121,6 +121,11 @@ module Discourse
|
|||
google-universal-analytics.js
|
||||
preload-application-data.js
|
||||
authentication-complete.js
|
||||
print-page.js
|
||||
omniauth-complete.js
|
||||
activate-account.js
|
||||
auto-redirect.js
|
||||
wizard-start.js
|
||||
}
|
||||
|
||||
# Precompile all available locales
|
||||
|
|
|
@ -6,7 +6,7 @@ require_dependency "auth/result"
|
|||
describe "users/omniauth_callbacks/complete.html.erb" do
|
||||
|
||||
let :rendered_data do
|
||||
JSON.parse(rendered.match(/var authResult = (.*);/)[1])
|
||||
JSON.parse(rendered.match(/data-auth-result="([^"]*)"/)[1].gsub('"', '"'))
|
||||
end
|
||||
|
||||
it "renders auth info" do
|
||||
|
|
Loading…
Reference in New Issue